The Dark Side of the Internet: Proton66’s Role in Cybercrime
Imagine a digital safe house where hackers operate without fear of being shut down. That’s exactly what Proton66 is: a Russian bulletproof hosting service that ignores abuse reports, allowing cybercriminals to launch attacks with near impunity.
Security researchers at Trustwave SpiderLabs recently uncovered a surge in malicious activity linked to Proton66, including mass hacking attempts, ransomware attacks, and large-scale phishing scams. If your business relies on internet-connected systems, this is something you can’t afford to ignore.
How Proton66 Became a Hacker’s Paradise
Unlike regular web hosts, bulletproof hosting providers like Proton66 operate outside the rules. They ignore law enforcement requests, keep malicious sites online, and even help hackers evade detection.
Here’s what Proton66 has been up to in 2025:
Scanning & Breaking Into Networks: Hackers used Proton66’s IP addresses to scan for weak spots in business systems worldwide.
Exploiting Critical Flaws: They targeted vulnerabilities in Palo Alto, Mitel, D-Link, and Fortinet devices, some of which were just discovered this year.
Spreading Malware & Ransomware: Proton66 servers hosted XWorm, StrelaStealer, and WeaXor ransomware, which steal data or lock files for ransom.
Real-World Attacks Linked to Proton66
1. Fake Android Apps That Steal Your Data
Cybercriminals set up fake Google Play Store pages hosted on Proton66, tricking users in France, Spain, and Greece into downloading malware. The scam used sneaky JavaScript to avoid detection, only targeting real Android users (not bots or security researchers).
2. A Sneaky Malware Attack on Korean Chat Rooms
A ZIP file distributed in Korean chat rooms hid a dangerous XWorm infection. Once opened, it ran hidden scripts that downloaded even more malware from Proton66 servers.
3. Phishing Emails Targeting German Businesses
German-speaking companies received fake invoices and shipping notices containing StrelaStealer, a malware that steals passwords, credit cards, and sensitive files.
4. Ransomware That Locks Down Entire Networks
A new WeaXor ransomware strain (an upgraded version of Mallox) was found communicating with Proton66 servers, meaning the attackers likely used this host to control infected systems.
Why Proton66 Keeps Getting Away With It
Bulletproof hosts like Proton66 stay in business because:
✔ They ignore takedown requests (unlike normal hosting companies).
✔ They constantly switch IPs and servers to avoid blacklists.
✔ They operate in regions where law enforcement can’t easily shut them down.
Even more concerning? Some of Proton66’s traffic may be routed through Kaspersky Lab’s networks (though Kaspersky denies any direct involvement).
How to Protect Yourself (Before It’s Too Late)
If Proton66-linked hackers are targeting businesses worldwide, what can you do?
1. Block Known Malicious IPs
Security experts recommend blocking Proton66’s IP ranges (like 45.135.232.0/24 and 193.143.1.0/24).
2. Patch Vulnerable Systems Immediately
Hackers are exploiting Palo Alto, Mitel, D-Link, and Fortinet flaws—if you use these, install updates NOW.
3. Train Employees to Spot Phishing Scams
Most attacks start with a fake email or malicious download. Teach your team to recognize red flags.
4. Monitor for Unusual Network Activity
Unexpected login attempts or strange outbound traffic? Could be a Proton66-linked attack in progress.
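One way to apply steps 1 and 4 together, as an added example that is not from the original article: the Python script below checks firewall log lines against the two ranges named in step 1 and separates inbound probes from outbound connections made by internal hosts. The log format (timestamp, source, destination, port, action) and the sample lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# The two ranges named in step 1 of the article; extend from your own threat feed.
PROTON66_NETS = [ipaddress.ip_network(n)
                 for n in ("45.135.232.0/24", "193.143.1.0/24")]

# Constructed sample lines. Assumed format: timestamp src dst dport action.
SAMPLE_LOG = """\
2025-04-20T10:01:02Z 45.135.232.10 10.0.0.5 443 DENY
2025-04-20T10:01:03Z 45.135.232.10 10.0.0.6 8443 DENY
2025-04-20T10:02:10Z 10.0.0.23 193.143.1.10 80 ALLOW
2025-04-20T10:02:11Z 10.0.0.23 8.8.8.8 53 ALLOW
this line is malformed
2025-04-20T10:03:00Z 10.0.0.23 193.143.1.10 80 ALLOW
"""

def in_listed_range(addr):
    """True if addr falls inside any of the listed networks."""
    return any(addr in net for net in PROTON66_NETS)

def triage(log_text):
    """Split matches into inbound probes and outbound connections."""
    inbound = defaultdict(set)   # listed source -> {(internal dst, port)}
    outbound = defaultdict(int)  # internal host -> connections to listed range
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _, src, dst, dport, _ = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if in_listed_range(src_ip):
            inbound[src].add((dst, port))
        elif in_listed_range(dst_ip):
            outbound[src] += 1
    return dict(inbound), dict(outbound)

if __name__ == "__main__":
    inbound, outbound = triage(SAMPLE_LOG)
    for peer, targets in inbound.items():
        print(f"inbound probe from {peer}: {sorted(targets)}")
    for host, count in outbound.items():
        print(f"INVESTIGATE {host}: {count} outbound connection(s) to listed range")
```

Outbound hits deserve the most attention: an internal host reaching these ranges may already be infected and contacting attacker infrastructure, as in the XWorm and WeaXor cases described earlier.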
Final Warning: This Threat Isn’t Going Away
Proton66 isn’t some small-time operation; it’s a major hub for cybercrime, and until governments crack down, businesses must stay alert.